Penango for Webmail Release Notes

2014-7-14 Penango 2.6.6 for Firefox, Internet Explorer, and Maxthon 2

  • Fixed crashing in Firefox 30 by adding the Mozilla 30 variant of mozilla::Module, specifically by adding the ProcessSelector enumeration items to CIDEntry and ContractIDEntry. 
  • Simplified and corrected the nsIFile QI code in Penango::GetExtDir.
  • Added interface changes notes up through Firefox 31b5.
  • Moved ___APPLE__ conditional preprocessor directive out of Win32 section.
  • Wrote shim code to create the arrays dynamically in memory on Firefox < 30.
  • Added stub loading code for MacOS.
  • Made an adjustment so that the function is extern "C".

2014-1-6 Penango 2.6.1 for Firefox, Internet Explorer, and Maxthon 2

  • Created a customized format for Penango log entries dumped to the Firefox add-on, Console².
  • Updated the licensing subsystem for modern operation.
  • Advanced the penangoMoz file version to 2.0.1.0.
  • Corrected a corner-case situation where the parentNode of the send buttons might be null in Gmail.
  • Improved licensing robustness for mail.google.com and *.mail.comcast.net.
  • Added additional entries to the First-Party UI.

2013-12-9 Penango 2.5.8.1 for Firefox, Internet Explorer, and Maxthon 2

  • Issued an emergency patch so that attachment spans can be detected in the Gmail conversation view
  • Dealt with the regression where the old attachments were not getting detected, by going all the way into determining whether the new 2013 "attsrow" is present, and if not, falling back to the pre-2013-11-25 method.
  • Moved setStatusError to after the check if the thrown error is recoverable in gmailutil.js, which addresses the failure to retry (interacting with marking the message element as processed).
  • Added IE handling of corrupt messages signaled from CryptMsgUpdate with CRYPT_E_MSG_ERROR and CRYPT_E_ASN1_BADTAG.

2013-12-2 Penango 2.5.8 for Firefox, Internet Explorer, and Maxthon 2

  • Implemented new functions in NSS namespace object: isSECError (which determines if an nsresult is in SEC_ERROR range specifically, not just MODULE_SECURITY), and toSECError (which returns a Number object, or null, based on an nsresult).
  • Added existence check for opt_specific_error in NSS.isSECError.
  • Corrected implementation problems: & operator treats numbers as 32-bit signed integers.
  • Replaced PENANGO_ERROR.CMS.ToSECErrorCode with NSS.toSECError in smimesender.js.
  • Added serialization such that errors output as "SEC_ERROR_BAD_PASSWORD (-8177)" in smimesender.js.
  • Removed stray comment, which used the old error space and is no longer relevant.
  • Replaced PENANGO_ERROR.CMS.ToSECErrorCode with NSS.toSECError (and NSS.isSECError) in smimeviewer-moz.js.
  • Changed toString method in toSECError so that it outputs the code_part (the actual SEC_ERROR code), plus the BASE + offset value.
  • Used the improved serialization of SEC_ERROR codes in smimesender.js.
  • Used the improved serialization of SEC_ERROR codes in smimeviewer-moz.js.
  • Combed through the binary code to replace all PENANGO_ERROR_CMS_SEC_ERROR_BASE references with Penango::ConvertPORTError.
  • Added Penango::ConvertPORTError(SECErrorCodes err).
  • Added comments indicating that the results from nsIRunnable ->Run (and penangoRunnable ->Task) are irrelevant. NS_OK, among others, can be returned without consequence.
  • Deleted PENANGO_ERROR namespace object.
  • Added GmailSmimeViewer::process2013AttsRow, which attempts to process the new attachments row.
  • Corrected problem in the "sampleik" test to test for anything BUT hex chars rather than only hex chars.
  • Corrected implementation problems in gmailsmime-obj2.js, namely, problems with the message identifier.
  • Wrote GmailSmimeViewer::createAttURL, which creates an attachment URL for download purposes.
  • Added handler for application/pkcs7-mime and multipart/signed.
  • Changed len to progress_len in getOriginalMessage, to collect the accumulated number of bytes downloaded.
  • Added the throbber to the S/MIME part with "throbotomy" function.
  • Added rough approximation of size for clear-signed messages: 300K per attachment.
  • Corrected a problem in gmailprogressmeter.js: setOpacity now takes a number, not a string.
  • Computed approximateSizeOfMsg for signed-only (clearsigned) messages by scraping the KB/MB size values out of the webpage, and summing them up.
  • Added fade out of the attachments, except for the last smime.p7s attachment. The fade out occurs at a rate of 3 per second, fading out over 0.75 seconds.
  • Added note about looking for the Content-Length header.
  • Used URLRetriever to make SmimeViewer::getContents mostly platform-neutral.
  • Removed the usage of channels and IOService (in IE).
  • Added platform-specific functions getContents.init, getContents.write, getContents.stop_ok, and getContents.stop_err.
  • Corrected missing variables, which were causing inappropriate failures in the rewritten code in Mozilla.
  • Changed GmailMonitor.setStatusOk(target) to setStatusOk(msg gmailsmime-obj2.js.
  • Wrote an abort function call explicitly in SmimeViewer.prototype.getContents.write for Mozilla.
  • Added special processing on the first pass for SEC_ERROR_BAD_DER and SEC_ERROR_NOT_A_RECIPIENT.
  • Added flag "this.isCorrupt".
  • Fixed logic problem where sometimes this.fadeLineIn is not a function.
  • Added support for event in IE implementation of URLRetriever.
  • Changed headers initialization to "" (i.e. not null).
  • Changed function names in GmailSmimeViewer.getInterestingHeaders.
  • Caught this.abort() errors (exceptions) since they are expected for short messages in GmailSmimeViewer.getInterestingHeaders.
  • Clarified that the "start" event is supposed to provide the REQUEST, not the RESPONSE.
  • Used getContents$__internal_figure_out_size in smimeviewer.js to predict the Max Value (size of the smime.p7m attachment). The code complies with the abstraction on all platforms. Previously, it would not work on IE because onstart does not have the response headers, which are necessary for evaluating Content-Type and Content-Length headers.
  • Added IE handling of corrupt messages signaled from CryptMsgUpdate.
  • Rewrote statusOutput.showError to output based on the IE error results (not Mozilla results).
  • Reduced inspection of whether a message has been processed to a check of if it has been processed in general.
  • Made abort() calls "infalliable".
  • Dealt with the regression where the old attachments were not getting detected, by going all the way into determining whether the new 2013 "attsrow" is present, and if not, falling back to the pre-2013-11-25 method.
  • Moved setStatusError to after the check if the thrown error is recoverable in gmailutil.js, which addresses the failure to retry (interacting with marking the message element as processed).
  • Updated copyright legends to 2013.

  • 2013-11-21 Penango 2.5.7 for Firefox, Internet Explorer, and Maxthon 2

    • Fixed regression in IE8 where the OAuth token acquisition process would not complete. Now, the OAuth token is successfully acquired (and sending via SMTP does not fail).
    • Corrected implementation problem with stUtil.fadeIn, because on IE8, document.defaultView does not exist--it's only document.parentWindow.
    • Cleaned up stUtil.fadeIn by removing win dependency entirely, and separating out the if (tout && tout > 0) line.
    • Added localized support for Latin American Spanish (Español (Latinoamérica), es-419), particularly in IE/Windows, by adding special handling of es-419 -> 0x580a in UniformLocaleNameToLCID.
    • Corrected missing variable problem of elRecipsArray in infobar code, replacing it with "numberofRecips", and thus correcting a problem with the infobar's rendering of Japanese, Spanish, and Italian.
    • Fixed coding error in GmailSmimeSender.prototype.get
      InputElements, where for the old compose (which IS STILL USED in IE8), the code was attempting to get the form element named n (0, 1, 2, etc.) instead of names[n] ("to", "cc", "bcc", etc.).
    • Fixed \u FDD1 -> \uFDD1 in Japanese translation of GmailFinalizingSMTP.
    • Redid Japanese translation of GmailFinalizingSMTP.
    • Added additional licensed sites.


    2013-11-14 Penango 2.5.6 for Firefox, Internet Explorer, and Maxthon 2

    • Added support for the following media types-to-icons in Gmail:

    "application/vnd.openxmlformats-officedocument.wordprocessingml.document" (docx)
    "application/rtf" (rtf)
    "text/rtf" (rtf)
    -> doc icon
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
    (xlsx)
    -> xls icon
    "text/javascript"
    "text/x-javascript"
    "application/javascript"
    "application/x-javascript"
    -> txt icon
    "text/html"
    -> html2 icon

    "application/vnd.openxmlformats-officedocument.presentationml.presentation"
    (pptx)
    -> ppt icon
    "application/gzip" (gz)
    -> zip icon

    • Corrected discoverio.js licensing matter.
    • Added additional licensed sites.

    2013-11-7 Penango 2.5.5 for Firefox, Internet Explorer, and Maxthon 2

    • Implemented fully asynchronous certificate validation throughout Penango. Certificate validation for signing and encryption certificates now always occurs on a separate validation thread, with the results delivered asynchronously back to the code for further processing.
    • Designed "log maps" (LogMap), which is a data structure that stores validation logs for specific purposes indexed by target cert hash (thus forming an unordered map).
    • Implemented "Validate3" validation algorithm in Internet Explorer that reflects the CERT_CHAIN_CONTEXT validation results back into the code exactly as the MS CryptoAPI prepares it.
    • Implemented the remaining bits of asynchronous certificate validation in Mozilla using the modern API call, CERT_PKIXVerifyCert.
    • Deleted prior ValidateAsync, Validate2, and ValidateCertificate APIs, which did not provide the same level of detail about validation results to the IE code.
    • Fixed an implementation bug in the Mozilla asynchronous certificate validation code that would prevent the errorLog (CERTVerifyLog) from being reflected into the Mozilla code when computing CERT_PKIXVerifyCert.
    • Wrote fallback validation handlers in Mozilla to compute the pro forma validation logs when encountering SEC_ERROR_REVOKED_CERTIFICATE (r), SEC_ERROR_EXPIRED_CERTIFICATE (t), and SEC_ERROR_INADEQUATE_KEY_USAGE (e).
    • Embellished the platform-specific gloss layer in findcerts.js to extract various properties out of the platform-specific logs, namely:
      Penango.hasNoCompletePath
      Penango.hasTimeInvalidCert
      Penango.hasRevokedCert
      Penango.hasUsageProblem
      Penango.getPathCount
      Penango.getCertificationPath
      Penango.computeFirstUntrustedElement
    • Wrote Penango.getCertificationPath specifically to provide a kind of platform-neutral representation of the (most adequate or "best") certification path, from trust anchor (position 0) to target cert (position length-1), along with useful properties and a reference to platform-specific properties.
    • Added a +1 length adjustment (-1 depth adjustment) in computeFirstUntrustedElement to Mozilla errorLog processing for revoked certificates. Mozilla reports the issuer (revoker) has the SEC_ERROR_REVOKED_CERTIFICATE, when in fact the next certificate in the chain (revoked) is the position/depth where the revocation matters (i.e., the revoker has to be trusted in order to accept the revocation of child certs).
    • Added specific handling for and related to untrusted self-signed certs in the validation log gloss functions (and the code that calls them), such as Penango.computeFirstUntrustedElement.
    • Rewrote certificate validation-to-PAG implementation so that the Penango Authentication Grammar can now interpret the log results of asynchronous certificate validation.
    • Implemented encryption log maps for recipients, From, Sender, and Reply-To in Gmail, so that asynchronous certificate validation results are stored in memory with the message being composed, and are then sent to the S/MIME serializer for encryption processing. Only changed e-mail addresses are used (or removed) during searches for valid certificates.
    • Implemented signer (compose.sign) log processing in Gmail and Zimbra, so that the asynchronously validated log (rather than the certificate) is used for UI display and during S/MIME serialization.
    • Implemented preferred encryption (compose.signEncrypt) log processing, so that the preferred encryption certificate will be used in preference to (instead of) automatically discovered encryption certificates for a given originator (author, sender, or repliant).
    • Added cert var parameterization to the preference compose.signEncrypt, in addition to parameterizing by e-mail address in the "from" field). The compose.signEncrypt preference can be parameterized not only on the originating e-mail address, but also on the signing certificate. The signing certificate (compose.sign or automatically chosen) will be parameterized in the vars "issuer", "sha1", and "sha256" (as discussed below) for compose.signEncrypt.
    • Implemented compose.sign log processing, so that the preferred signing certificate will be used *in addition* to automatically discovered encryption certificates for a given originator (author, sender, or repliant), provided that the signing certificate is technically usable for encryption.
    • Implemented the algorithm for setting up encryption recipients.
    • Deleted old code that synchronously (and therefore slowly) determined recipient certificates at S/MIME serialization time.
    • Included serialization of SMIMEEncryptionKeyPreference (when a preferred encryption certificate is specified, i.e., in the compose.signEncrypt preference) in IE, with support for both IssuerAndSerialNumber and SubjectKeyIdentifier.
    • Added compose.recipientIdentifier preference, which is parameterized by cert vars. This preference can be set to IssuerAndSerialNumber or SubjectKeyIdentifier, so that the recipientIdentifier CHOICE can identify the certificate with one of these two methods.
    • Added SMIMEEncryptionKeyPreference serialization CHOICE to be based on compose.recipientIdentifier, per above, in IE.
    • Added cert var parameterization, which means that for preferences that are "parameterized by cert vars", it is possible to limit the preference to particular certificates based on issuer distinguished name in RFC 4514 string format ("issuer"), SHA-1 hash ("sha1"), or SHA-256 hash ("sha256").
    • Wrote certutils.getNickname for Mozilla, which returns null rather than a language-dependent string when the cert has no nickname.
    • Detected and corrected invalid level setting 'f' in jsdump2 calls in Gmail OAuth, replacing them with 'e'.
    • Tested and validated certificates that are "peer-trusted" in Mozilla and IE, with success.
    • Obsoleted and deleted the synchronous API calls to validate and find+validate certificates on all platforms, including the legacy function getBestCertByEmail.
    • Deleted vCache throughout the code (vCache was used buy getBestCertByEmail).
    • Deleted PenangoInfoBar.convertEmailArrayToRecipientCertPairs, which used getBestCertByEmail, and replaced it with PenangoInfoBar.computeLogToAddrSpecsOrderedMultiMap.
    • Deleted various obsolete functions in Zimbra related to synchronous certificate lookup (such as ZimbraUtil.getRecipientCerts), and replaced them with asynchronous code and log maps.
    • Obsoleted the synchronous API call si.verifyCertificate in Mozilla.
    • Deleted various legacy functions in penangolegacy.js.
    • Deleted legacy functions in SmimeSender-related code that would look up certificates synchronously.
    • Added certificate icon into the PAG when rendering encryption recipients during compose.
    • Improved the certificate icon overlay in Gmail New Compose by adding tooltip information and correcting click vs. drag usability issues.
    • Corrected race condition problems in adding the certificate icon to recipients in Gmail New Compose.
    • Corrected certificate icon problems on IE and Mozilla platforms.
    • Added pointer cursor over certificate icons.
    • Increased the font-size of the infobar from 75% to 81% since the old font size presented reading difficulties for things such as the DoD ID.
    • Processed new certificates found during LDAP lookup, and added PAG-based notification to the Gmail Alert Area when new certificates are found and added to the local store.
    • Extracted recipient rendering into Penango.Noun.renderRecipients to render recipients in an encapsulated way, which is used by both the main rendering code for the infobar, and for the LDAP lookup results.
    • Added PAG capability to refer to "yourself" (instead of "you") with the member variable Penango.Noun.You.prototype.sayYourself.
    • Corrected and substantially improved stUtil.setOpacity to set the opacity of elements on modern browsers (i.e., IE9, modern Firefox, etc.).
    • Corrected and improved stUtil.fade-based functions.
    • Improved race conditions in GmailAlertArea so that it displays according to schedule, but can get overwritten if multiple messages are provided in rapid succession.
    • Changed setAlertMessage drawAttention autohide from 8 seconds to 10 seconds.
    • Improved the recognition of DoD Root CA 2-issued certificates (i.e., US DoD certificates) in the PAG since DoD Root CA 2 has both self-signed and intermediate issuer cert alternatives in the wild (the latter chain to US FBCA/Common Policy certificates and to Shared Service Provider certificates).
    • Implemented new algorithms hasCert and hasCerts to match certificates in the PAG.
    • Added new certs to the First-Party UI.
    • Added support for Reply-To header in Mozilla and IE S/MIME serialization code paths, specifically in the functions makeRFC2822Headers and SmimeSender.Msg.prototype.Prepare.
    • Moved getting the certificate icon to platform-neutral code, specifically Penango.reifyCertIcon in resources.js, and deleted stUtil.getCertIcon.
    • Moved displaying certificates to platform-neutral code, specifically Penango.viewCert and Penango.viewCertInLog in findcerts.js.
    • Corrected a PAG rendering problem where the hour in English and Japanese was being reported as 0-11 instead of 1-12 (e.g., 12:17 PM was reported as 0:17 PM).
    • Added handling for rendering where the declarant is null, for various corner-case reasons.
    • Undertook substantial analysis of LDAP attribute descriptors and other descriptors (e.g., specified in canonical RFCs) related to distinguished name representation and processing.
    • Created subsets of OID.LDAP with OID.LDAP.A (Attribute Type/descriptor), and OID.LDAP.O (Object Class).
    • Added some object classes in OID.LDAP.O for good measure.
    • Embellished oid.js with more detailed information for and about distinguished name attribute components in the OID.DN namespace object, and attribute descriptors in the OID.LDAP.A namespace object.
    • Added OID-to-descriptor lookup in oid.js (OID.DN and OID.LDAP.A) to coexist with the pre-existing descriptor-to-OID lookup.
    • Corrected a logical error in ASN1.PDU::toOID, where the bcd was not analyzed properly when its length is < 3 (i.e., between 0 and 99). This caused OID arcs that should have been '0.' to be reported as '2.'.
    • Added capability to DN output to use OID.LDAP.A attribute descriptors if DN-specific descriptors in OID.DN are unavailable (for example: for roomNumber).
    • Made PAG getHTML_FullSubject and getString_FullSubject platform-neutral after all of these years, by implementing them in the common internal function __getFullSubject. __getFullSubject emits text using a more well-defined algorithm:
      friendly name || common name (organization name) || common name || DN || SHA-1
    • Adjusted and improved recognition of Comodo (specifically: USERTrust) certificates.
    • Removed deprecated function stUtil.getTopCA.
    • Removed deprecated function stUtil.getIssuer.
    • Removed and replaced large quantities of plaform-specific code in the PAG with platform-neutral code, including log2 stuff.
    • Corrected a problem where there was a space in a character escape sequence of the German translation of GmailFinalizingSMTP (message sent, now waiting for success confirmation), preventing message-specific data from being substituted in properly.
    • Added sanity check to Penango.computeLangs.
    • Corrected usage of GmailUtil.getGlobalPrefs, which was significantly off.
    • Corrected implementation of GmailUtil.getLangsForGmail, which was significantly off.
    • Added localized translations for new certificates (NewCertsLDAPTitleHTML, NewCertsMsgTitleHTML, NewEncryptCertsHTML, NewSignCertsHTML).
    • Fixed a bug in the US DoD entity rendering code in pag-render-ca.js, where the return of ke.getHTML was not put in the el2 variable (ultimately causing "the recipient" to render superfluously).
    • Added experimental "mindelay" feature to test longer delay times when validating certificates. The preferences are "experimental.validate.usemindelay" (boolean, no vars) and "experimental.validate.mindelay" (cert vars; value in milliseconds as a number).
    • Enabled revocation checking (check revocation for the whole chain excluding the root) for CryptUIDlgViewCertificate calls in IE.
    • Fixed an error in Penango.findAllValidCertsByAddresses, where if no certs at all are found for the e-mail addresses being searched, LDAP never runs. Now, the code will run LDAP in this case if LDAP is enabled.
    • Added med.navy.mil, mail.mil, dla.mil, and deca.mil to GDS (DoD 411) lookup.
    • Disabled and re-enabled send buttons while finding and validating certificates, using the new functions GmailSmimeSender.prototype.acquireSendButtonsForEncryption and GmailSmimeSender.prototype.releaseSendButtonsForEncryption.
    • Corrected encryption styling issues.
    • Corrected button disabling styling issues.
    • Added support for creating a new Mailbox with an AddrSpec pre-defined (i.e., not just a string that needs to be parsed).
    • Changed "As of 2010" to "As of 2013" regarding hash algorithm strength.
    • Moved progressMeter.dispose() function calls around, which was necessary to deal with asynchronous feedback from the certificate validation functions.
    • Fixed problems in the implementation of CCMSSignerInfo::GetSigningCertificate in IE.
    • Added and improved jsdump2 reporting, including (but not limited to) dom2events.js.
    • Added support for extracting signer ID information from the CryptoAPI.
    • Implemented JS<->C++ objects to report CERT_ID (CCertID), CERT_ISSUER_SERIAL_NUMBER (CCertIssuerSerialNumber), and subject key identifier (just an octet string as a BSTR).
    • Wrote CertStructs.h and .cpp to abstract and simplify the implementation of CERT_* CryptoAPI things between JS<->C++.
    • Edited SmimeViewer.prototype.verify to use the new asynchronous log format, which is handled in the new verify function and then passed along to verify2 (which holds the old verify code) after validation is complete.
    • Exposed serializeLength in ASN1 for ease of use.
    • Added Penango.isKeyUsageConsistent, which checks the keyUsage extension for consistency with signing and encrypting operations.
    • Improved Penango.isKeyUsable, which checks whether the key is technically/mathematically usable (e.g., DSA keys cannot be used for encryption: it just won't work).
    • Improved Penango.hasValidPath with due regard to all of the possible error conditions on Mozilla and IE, including status unknown and offline revocation.\
    • Changed the prefs for sending messages, such as prefs.encrypt and so forth, to support the log maps.
    • Changed encryptDraftCerts in Zimbra to encryptDraftLogMap, since it is officially a LogMap.
    • Eliminated exact duplicate e-mail addresses in the output of stUtil.certToLine.
    • Wrote prefsplus.js, which contains useful functions for getting and managing preferences.
    • Added Penango.getEnumeratedPref, which gets a pref and then shoehorns the result into one of the predefined enumerated values.
    • Added Penango.genCertPrefVars, which interpolates and outputs the cert pref vars (issuer, sha1, sha256) based on a cert, as used in the above preferences that are parameterized wholly or partially by cert.
    • Changed the casing for vars (no / escaping is required) in the IE Registry settings. Now, the casing in IE for prefs lookup is essentially case-insensitive, and that is okay.
    • Fixed a longstanding problem in Mozilla prefs.js, where the /g global switch was not specified for serializeStringKey.
    • Fixed a longstanding problem in Mozilla prefs.js, where NULL was serialized as \NULL, which will not work because NULL is a terminator in the API call (string according to XPCOM for nsIPrefBranch). The replacement code serializes "\0".
    • Wrote encodeIssuerCertURNComponent, which is like encodeURIComponent but is more lax for readability.
    • Wrote various new harness test suites to test cert lookup functionality.
    • Added quotation marks around name and filename parms (parameters) when serializing out encrypted (EnvelopedData) bodies, so that it says name="Decrypt....p7m" and filename="Verify....p7m" instead of name=Verify....p7m and filename=Decrypt....p7m in Firefox.
    • Corrected the debug output of GetTrustAndInfoStatusDesc, in which info would not always be long enough (even though info.substr(2) is called), generating an out_of_range exception. The revised code always has info filled in, and there is an assertion to keep track of this during debugging.
    • Added SMIL (SIPRNet) domains and US Naval Academy domains to ldap-configs.js to use the DoD 411 service.
    • Added counters/semaphores to keep track of both concurrent recipient certificate finding operations, and concurrent originator finding operations.
    • Wrote generic utility functions to manage log maps and addr-spec matching:
      Penango.unionLogMaps
      Penango.hasAddrSpecInLog
      Penango.hasLogInMap
      Penango.addLogToMap
      Penango.removeLogFromMap
      Penango.filterLogMapByAddrSpec
      Penango.computeMissingAddrSpecs
      Penango.matchesAllAddrSpecs
      Penango.memoizeAddrSpecMap (memoization)
      Penango.memoizeCertHash
      Penango.memoizeAddrSpecMap
    • Wrote GmailSmimeSender utility and member functions to get recipient addresses in a modern way:
      GmailSmimeSender.prototype.getRecipientAddressList
      GmailSmimeSender.prototype.getRecipientAddrSpecs
    • Fixed coding conventions such as the use of $ vs. _ as separators for clarity, and added /** Javadoc-style comments for better documentation.
    • Added appropriate semicolons to terminate function operators in assignment statements.
    • Added de-duplication code in Penango.findAllValidCertsByAddresses so that if certs were found locally, and are also returned by LDAP, they are not re-validated during the LDAP phase and passed back to the application code.
    • Corrected logic error in Penango.findAllValidCertsByAddresses by setting i = n (to count the number of logs returned).
    • Updated Gmail and Zimbra code to handle string arguments returned from the callback in Penango.findAllValidCertsByAddresses (which indicates the phase of the finding process).
    • Wrote RFC2822.AddrSpec.diff(B, A), which computes the relative complement of A in B for e-mail addresses. That is: the set of elements in B, but not in A, in the order of B. The purpose is to determine e-mail addresses that are "left" (leftover).
    • Added additional licensed sites.


    2013-09-17 Penango 2.5.0.1 for Firefox, Internet Explorer, and Maxthon 2

    • Corrected activation problem in Penango for IE
    • Completely rewrote getBestCertByEmail legacy function to improve speed
and responsiveness when picking certificates for particular e-mail
addresses. There are now two levels of caching: caching for the result
 based on e-mail
    • Added experimental preference for pre-validation of encryption
 certificates: experimental.prevalidateEncryptCerts = true/false (default
false).
If this preference is true, then 2.5 seconds after Penango starts on a
webpage, Penango will enumerate all e-mail encryption certificates and
pre-validate them asynchronously in the background. The results are
 cached, so that when getBestCertByEmail runs, it will not have to do any 
additional validation--it will rely on the "pCache" (pre-validation cache)
    • Implemented new cert finding algorithms in support of getBestCertByEmail
    • Removed large quantities of legacy certificate finding and validating 
code in IE
    • Improved interactions with LDAP
    • Improved "jsdump" reporting throughout the code
    • Added debug output for validation of certificates in IE using CertGetCertificateChain, where certain certificates in certain
 enterprise circumstances will take an exceptionally long time to
 validate (mainly due to revocation checking)
    • Added ability to click on a certificate icon associated with each
 recipient, in order to open the platform's certificate viewer dialog, in
 Gmail
    • Added utility function getCertIcon to get the platform's certificate icon
    • Fixed the aspect ratio of recipients in the new compose view
    • Added assertions to track issues with Firefox interfaces
    • Fixed parsing of HTML content in IE with high-order Unicode bytes
 sliced off when sending a signed or encrypted messages: characters
 outside of the ASCII range were not properly represented in the MIME
output. Also known as the "Czech language encoding problem"
    •  Improved "flogging" mechanisms for logging to the Windows Event Viewer
 in Penango for IE, which can be enabled with the environment variable 
PENANGO_LOG_JSDUMP set to "1", "true", "TRUE", or "yes"
    • Added opcodes for event viewer logging, and removed duplicated opcodes
    • Fixed in Zimbra 7 the popping of the compose view after the message 
has been sent
    • Fixed composing replies in the old compose experience
    • Simplified Zimbra activation sequence to accommodate Firefox different
PenangoLoading dispatch behaviors
    • Added domutils.js for DOM utilities
    • Added debugging info for Zimbra
    • Streamlined the licensing code
    • Documented stUtil.parseCertSpec and stUtil.findCerts more thoroughly
    • Implemented handling in stUtil.parseCertSpec of certificate
 specifications ("certspecs") based on dbkey, ski (subject key
identifier), and issuersn (issuer and serial number)
    • Made stUtil.parseCertSpec more consistent in requiring certspec URIs
(URNs) to follow RFC 3986 encoding, with % encoded octets. The %
character itself MUST be encoded as %25
    • Added sanity checks for base64 encoded values in stUtil.parseCertSpec
    • Changed \r and \n removal to \s removal for dbkey
    • Leveraged the function CERT_AsciiToName to parse issuer strings in
Mozilla
    • Examined the function CertStrToName to parse issuer strings in IE
    • Improved the DN-parsing code for finding certificates in IE and
 Mozilla based on the aforementioned C APIs
    • Removed old cert preference code
    • Wrote asynchronous Penango.findPreferredCert function, which finds and
 validates a cert that is preferred for signing or encryption as
 specified by the preferences compose.sign and compose.signEncrypt
    • Fixed an error in the encryption certificate preference in one
 instance in Gmail, to compose.signEncrypt (correct)
    • Added validation cache reliance in the Penango Infobar code to speed 
up IE processing
    • Wrote extensive harness test suites for certspec testing
(harness-certspec.js), getBestCertByEmail testing (harness-gbcbe.js), 
and Penango.findAllValidCertsByAddresses testing (harness-favcba.js)
    • Wrote JSON_stringify in the test harness for certspecs for IE so that 
fewer characters are \u Unicode encoded
    • Re-enabled GetStackTrace in CJScriptSite::OnScriptError, to capture 
the stack trace in certain cases
    • Fixed a corner-case problem where parsing errors during JScript 
processing caused Penango to fail to load
    • Added handling in X509MarshallFindCertificate to ignore the
"constructor" property because it is irrelevant
    • Added detection and reporting (debug output) of Google Chrome Frame in
 IE to address enterprise customer problem. Chrome Frame is not currently
 supported, but will not cause errors when used to access Gmail or other
sites
    • Wrote stUtil.getNotValidAfter and stUtil.getNotValidBefore, which
 abstract out the process of obtaining a certificates's validity -
notAfter and validity - not Before values
    • Added sanity check to Penango.getTargetCert
    • Fixed "this" argument transmission in Zimbra callback code
    • Updated Penango Options dialog box in Mozilla, removing legacy
 functions and addressing TODO notes
    • Moved Penango.Stage to init.js, since it is still used for modern
 purposes
    • Moved NSS and PENANGO_ERROR namespace objects to mozcodes.js, which 
applies to Mozilla only
    • Removed all references to NSS and PENANGO_ERROR namespace objects from
IE-facing code
    • Restricted the use of getBestCertByEmail to encryption
 certificate-finding
    • Modernized smimeviewer.js and smimesender.js variations
    • Added ability to add certificates to CMS SignedData objects in IE "in
 the raw", along with a blueprint on how to use it in future releases.
 Fixed chain mode preference problems in Mozilla
    • Wrote CertNameInfo object in IE, which encapsulates CERT_NAME_INFO for 
loading and comparison purposes
    • Wrote the stub of CertRFC45143StrToNameInfoExW, which is intended to
 do what it implies (replacement of CertStrToNameW)
    • Implemented serial number-only comparison in X509FindCertificate
    • Corrected serial number byte inversion problem in IE
    • Fixed implementation problems related to nsIVariant and
nsIVariant_moz20 in pkixVerifyCertAsync
    • Added pre-validate parallelism of 8 (validate 8 certs at a time) for
 the compose.prevlaidateEncryptCerts preference
    • Fixed certToLine output for IE so that \u00a0 and such would not be 
present
    • Enhanced the platform-specific DOMParser (parseHTML implementations)
 to handle dynamic content, which is needed for OAuth processing
    • Added new licensed sites

    2013-07-08 Penango 2.4.3 for Firefox, Internet Explorer, and Maxthon 2

    • Fixed minor issues
    • Added support for Gmail signatures
    • Added new licensed sites.

    2013-05-22 Penango 2.4.2 for Firefox, Internet Explorer, and Maxthon 2

    • Added support for Firefox 21.
    • Began integration of support for Firefox 22 (not officially supported yet).
    • Made the "ptext.png" abbreviated infobar graphic the official graphic in the Gmail new Compose Experience.
    • Used the system icon for certificates in IE and Firefox in the UI.
    • Enhanced the first-party UI.
    • Added new licensed sites.

    2013-04-26 Penango 2.4.1 for Firefox, Internet Explorer, and Maxthon 2

    • Enhanced logging output in Windows Vista+ and Windows XP- in IE, using the Windows Event Log API (Vista+), and the Event Logging API (XP-).
    • Ran additional tests and uncovered a size/buffer-related problem in the Windows Event Log API.
    • Added opcode mappings when logging with the Windows Event Log API.
    • Added more task categories/category mapping in IE logging on both OS sets.
    • Removed section names like “GmailSmime”, “GmailSmimeSender”, and “GmailMonitor” in diagnostic output, since those were not valid section names, replacing them with plain “Gmail”.
    • Replaced “Generic” section (not valid) with more appropriate descriptors, such as “Notification” or “PAG”.
    • Replaced and improved operation names to use proper CamelCase casing, and to more appropriately describe the operation being undertaken that is the subject of the (jsdump) diagnostic message.
    • Discovered problems (heisenbugs) with C++ implementation of IsTopWindow, so reimplemented it in penangoCom as isTopWindow.
    • Implemented many more JS/C++ bridge methods in penangoCom.
    • Removed GetEventTargetDocument because it no longer serves any useful purpose.
    • Significantly improved corner cases in the New Compose Experience.
    • Discovered and corrected typo in resource subsystem: GmailStringBundle had GmailPenangoUnkownStatusError but it is supposed to be GmailPenangoUnknownStatusError.
    • Removed unnecessary capitalizations.
    • Added cross-browser keyEvent dispatcher.
    • Introduced “Attachments v2.0”, a set of features around client-side processing of attachments to messages being composed in Gmail in the New Compose Experience. Performance with respect to attachments is significantly improved as round-trips to the Gmail server are no longer strictly necessary.
    • Added “reveal” technology to Attachments v2.0.
    • Corrected a variety of regressions exposed during Harness testing.
    • Identified threading problems with using penangoCom on threads other than the main thread, and replaced those calls with native XPCOM C++ interface calls.
    • Updated new compose UI when removing an attachment.
    • Fixed double quotation of original text (in replies).
    • Added HACK to prevent prospective problems with IE signing (at least in IE9), related to the Multilingual Resource Subsystem.
    • Fixed memory error in handling nsIInputStream.
    • Added parameter checking and debugging info for penangoCom.
    • Added two new IE error codes: PENANGO_CORE_E_CREATEOBJECT_WRONGOBJID and PENANGO_CORE_E_CREATEOBJECT_WRONGOBJID_BROKER.
    • Added File (CFileAPI) and FileReader (CFileReader) handling in the broker session.
    • Deleted CommonCreate.cpp and CommonCreate.h.
    • Reformed platform-neutral aspects of ldap_abandon.
    • Improved handling of quotation when non-Penango e-mails are sent (new compose only).
    • Removed special
      elements from replies to Gmail normal messages.
    • Corrected event types in Windows Event Log API-exposed code.
    • Added HACK to make stack small by forcing it to be “(omitted)”.
    • Ensured that the right Content-Type: gets added to attachments, which also addresses attachment preview.
    • Added the possibility to click on a just-added attachment in the New Compose Experience and see its contents correctly.
    • Added diagnostic information for issues when importing certificates into the Windows certificate store (for example, if a certificate is corrupt).
    • Re-aligned message resources so that all categories will display properly in the Windows Event Viewer.
    • Updated penango-eventmsg package with the new category and message resources.
    • Added new licensed sites.

    2013-04-16 Penango 2.4.0 for Firefox and Internet Explorer

    • Added initial support for the Gmail New Compose Experience.
    • Re-enabled Zimbra Desktop usage.
    • Fixed reply behavior in IE.
    • Added quotations correctly for encrypted messages.
    • Added support for replies in a pop-up.
    • Fixed URL recognition for conversation view in a new window.
    • Fixed support for plain text compose in Gmail.
    • Fixed plain text composition and sanitization of HTML tags in IE.
    • Corrected 'null' body injection.
    • Added new debugging and diagnostic statements.
    • Removed a variety of legacy debugging and diagnostic statements.
    • Completely revamped the approach to JS/C++ XPCOM communication by using "penangoCom" abstraction to call interfaces in the JS environment instead of NS_InvokeByIndex, since NS_InvokeByIndex relies on structures that CHANGED abruptly in Firefox 20 (specifically ).
    • Bifurcated getting property values (e.g., getPropRetSupports) from invoking methods (e.g., invoke0RetSupports) since there are semantic XPCOM differences that are apparent in JS but not in C++ invocations.
    • Removed deprecated code GetEventOriginalTarget.
    • Fixed composing messages in popup windows, processing pre-connect for popup windows.
    • Added GmailUtil.IOPreConnect() utility API.
    • Deleted commented-out XPCOM Utilities.
    • Released 2.4.0 to a limited customer audience for testing and feedback.
    • Added new licensed sites.

    2013-04-12 Penango 2.3.7 for Firefox and Internet Explorer

    • Enhanced Licensing v1.2, specifically license handling.
    • Fixed NWC certificate problem related to processing of certain DoD PKI certificates when the DoD ID is not provided in the same format as originally expected.
    • Added trial diagnostic output for the same.
    • Added new licensed sites.

    2013-03-30 Penango 2.3.6 for Firefox, Internet Explorer, and Maxthon 2

    • Added Licensing v1.2.
    • Added new licensed sites.

    2013-03-25 Penango 2.3.5 for Firefox, Internet Explorer, and Maxthon 2

    • Fixed FilePicker in IE.
    • Fixed a possible issue with the notifications fading out when the user reloads a page, or switches between different compose views, in Gmail.
    • Fixed attachment handling matters in IE.
    • Added new licensed sites.

    2013-03-23 Penango 2.3.4 for Firefox and Internet Explorer

    • Added support for Firefox 20.
    • Fixed "Save to Disk" issue with attachments in Gmail in IE.
    • Added new licensed sites.

    2013-03-13 Penango 2.3.3 for Firefox, Internet Explorer, and Maxthon 2

    • Fixed Firefox Add-On bar icon registration issue (Penango icon was causing the Add-On bar to appear all the time).
    • Added support for new #apps and #advanced-search URL hash parts in Gmail.
    • Removed STARTTLS SMTP option from the Options dialog in Firefox.
    • Added new licensed sites.

    2013-02-28 Penango 2.3.2 for Firefox, Internet Explorer, and Maxthon 2

    • Added support for "newer" and "older" arrows in conversation view to switch between conversations.
    • Fixed SMTP optimizations, which were not sending the QUIT command appropriately.
    • Fixed an error in IE8 when the card is clicked but the cardClicked() function is called with an empty target.
    • Removed SMTP OAuth token upon sign-out.
    • Changed SmimeViewer behavior for detecting display of new messages - removed polling of the conversation view page.
    • Fixed attaching new smimesender objects in Gmail/Compose when compose button is hit multiple times.
    • Reduced usage of win.setTimeout().
    • Added recognized root CA certificates to pag-ca.js.
    • Fixed visualization of encrypted messages in Firefox.
    • Fixed call to remove IE8 obsolete message from Gmail.
    • Fixed disappearing of Penango's icons when compose is hit when already in the compose mode.
    • Added small optimization when the compose view is present to avoid extra processing when Gmail updates the page or auto-saves the content.
    • Removed references to security property in LDAP interfaces.
    • Removed deprecated LDAP JS methods.
    • Removed C++ deprecated bind methods.
    • Re-aligned methods for the LDAP interface on both IE and Firefox implementation.
    • Added support for fast-retry in case of error when attaching the SmimeViewer to a "card" in the Gmail Conversation View.
    • Fixed infobar when not-a-recipient in IE.
    • Fixed recipientInfo debug output when the recipient does not have the corresponding key (prints out the Issuer's subject and the serial number).
    • Added extended certificate information debugging when recipientsInfo are added for encrypted emails.
    • Added translation for "Finalizing" stage of SMTP connection.
    • Implemented a faster message view based on events instead of timer (at least IE9).
    • Added new licensed sites.

    2013-02-26 Penango 2.3.1 for Firefox and Internet Explorer

    • Updated function names (PAG.Declaration.createDeclarationFromCert and createFromCertAndLog) for better output in jsdump from the PAG.
    • Fixed adding declaration in IE.
    • Fixed replies to encrypted e-mails with encrypted-only attachments (i.e., .p7m encrypted only).
    • Fixed addAttachmentToPage for IE9.
    • Fixed base64 decoder in decode() method. There were missing delimiter checks on the size of the original string when the last chars are \r or \n. This fix addresses a latent corner case inherent in the IE decoding routines since 2009.
    • (Temporarily) removed ad management logic from IE.
    • Adjusted formatting in IE version of smimeviewer.js.
    • Removed excessive debug output from base64 decoder in IE.
    • Reorganized channel download code in IE so that it processes blocks of 512 bytes.
    • Commented out null-set reduction warning in PAG (logic).
    • Fixed correct use of autoSigning preferences for replies/forwards as well as new messages, in Gmail compose.
    • Ported fix from other branches to mainline of code, for addressing problems related to parsing Outlook-generated messages.
    • Ported fixes from other branches to mainline of code, for fixing infobar for missing decryption key in Firefox, and for fixing lock-checking on processed elements.
    • Fixed a logical error corner case when using LDAP URLs (compose.ldap.urls pref) when the match result from the regular expression is null.
    • Made small fixes for drag and drop support.
    • Fixed a window (win) initialization issue for detached compose messages.
    • Fixed attachment element recognition for replies to messages when Cc: recipients are present in the original message.
    • Fixed not-a-recipient error message in Firefox.
    • Correctly re-enabled Gmail attachment element when Penango is not used (no encryption and no signing).
    • Fixed attaching our "Attach a File" element to both compose and reply message elements.
    • Fixed processing for save draft button click and auto save events.
    • Fixed closing operations for SMTP in replies (the throbber was not properly stopped).
    • Resolved signing error in IE.
    • Added missing operation calls.
    • Added new licensed sites.

    2013-02-14 Penango 2.3.0 for Firefox and Internet Explorer

    • Added support for Firefox 19.
    • Fixed closing operations for SMTP in replies (throbber was not properly stopped).
    • Implemented startOperation and endOperation for Gmail, in order to track the progress of operations. Failed operations generate notifications after predetermined amounts of time.
    • Removed unnecessary parameter validation.
    • Improved code formatting, particularly spacing problems.
    • Expanded the jsdump/jsdump2 console output by 5 characters (from 6 characters to 11 characters) in IE, in order to better see opcodes.
    • Added connection IDs to LDAP objects. Connection IDs start with 101 for each session, and are output for every LDAP log entry. Users who have access to the diagnostic logs can track the progress of particular LDAP connections.
    • Added security type to be tracked related to LDAP connections. (Work in progress; will be removed in subsequent release.)
    • Fixed returning the matcheddn in LDAP response objects (in Firefox).
    • Added chrome (toolbar)-based notification icon in Firefox.
    • Partially integrated chrome notification icon with notifications in Firefox; the text may or may not be displayed at the bottom of the webpage.
    • Added notification abstraction (Penango.Notification, sometimes also called "hangers") to notify the user of particular issues or problems that cannot be placed elsewhere in the web app experience (mainly due to abortive problems occurring in the code).
    • Wrote JS-based implementation of Penango.Notification when the browser does not provide native notification services (yet)--this behavior is used in IE for now (work in progress).
    • Fixed proxy discovery for Firefox 18+.
    • Fixed multiple calls to preconnectSMTP.
    • Fixed automatic encryption for replies to encrypted messages.
    • Fixed quotation of text for encrypted messages.
    • Added logging categories for Flogger (IE): Generic, PAG, CRED, Legacy, SmimeSender, SmimeViewer, Encoder, Decoder.
    • Tested and ultimately removed DOMUtils component.
    • Extended PFS (Penango Forwarding Service) licensing for proxy/firewall traversal.
    • Deprecated CFilePicker.
    • Documented the use of CComObjectPtr.
    • Wrote large amounts of new code for the test harness, to test various Penango subsystems.
    • Added more robust handling of HTML parsing throughout the viewing and defanging code (for both Firefox and IE).
    • Made certain aspects of licensing case-insensitive.
    • Substantially rewrote the Penango for IE Core Component validation logic to ensure that if the Comodo (or any) CA is not trusted in the end user's Windows trust store, an alternate validation path is followed that will allow loading. Per customer request.
    • Added an extra significant validation test of the Core Component's signature and certificate.
    • Updated the alternate Authenticode validation routines (above) to handle CMS blobs, not just PKCS #7 SignedData blobs.
    • Handled timestamp-related issues for the alternate Authenticode validation routines.
    • Added patent-pending beautifier for .p7m attachments for Firefox and IE.
    • Added separator line that identifies encrypted attachments when viewed in a message, in Gmail.
    • Updated names and titles in the First-Party UI.
    • Improved display of localized messages when the signature format is invalid (e.g., not a valid S/MIME signed message).
    • Fixed a red infobar condition when a message is only encrypted (not signed); therefore, the declarations would be empty as SmimeViewer.prototype.verify() is not called.
    • Performed initial excursions to support loading Penango in the IE Tab process for Chrome.
    • Added better error reporting for IE defanger.
    • Fixed an issue with adding style nodes in composeHTMLContent.
    • Reset the status icon when the page changes (via hashchange).
    • Added passing of full cookie in URLRetriever.get().
    • Composed new toolbar buttons for Firefox for eventual use for status notifications.
    • Added retries for OAuth token procurement process.
    • Removed generic/debug.js.
    • Recognized URLs for Compose in New Window, and #search, URLs in Gmail.
    • Switched status communication to be handled via custom events in IE.
    • Fixed GmailAlertArea issue where it was not getting updated when the URL switched, thus causing the communication via the GmailAlertArea to be lost.
    • Fixed compose for a conversation where locking of the page element was not working thus causing multiple SmimeSender to be attached to the same compose element.
    • Fixed behavior for signed and encrypted email monitoring by using the postGetContents to deliver information to the Penango status icon.
    • Adjusted icon positions in IE8.
    • Added visual aids in the Gmail page that respond to page events.
    • Fixed finding reply/forward form object in IE.
    • Fixed URLRetriever for Firefox for getting response codes.
    • Removed attachment link XPath processing.
    • Added elements locking to allow for the monitor to avoid re-processing messages that have already been processed.
    • Fixed initialization of landing page for Gmail.
    • Added GmailUtil.getSafeLocationHref() to handled access denied error graciously (IE8, in particular).
    • Removed extra detailed debugging output from various binary components in the non-debugging build.
    • Fixed tab spacing and code layout.
    • Added checks to avoid duplicating sending messages.
    • Wrote GmailUtil.DOM.findParentElements() and GmailUtil.DOM.findChildElements() to replace XPath processing with ancestor searches.
    • Rewrote GmailSmimeViewer.monitor() to make use of the new functions.
    • Removed selected dependencies on mutation events in conversation view.
    • Split browser-specific functions into smimeviewer-moz.js and smimeviewer-ie.js (with generic functions kept in smimeviewer.js) to simplify code maintenance.
    • Generally reorganized source code files.
    • Updated the Penango for Firefox manifest so that it will load on most Mozilla (XULRunner/Gecko) toolkit applications, including Thunderbird, Postbox, and Postbox Express.
    • Updated the Penango for Firefox Options so that they will display on other Mozilla (XULRunner/Gecko) toolkit applications.
    • Updates options.js so that most of the tabs of the Penango for Firefox Options do not display on non-browser applications (e.g., Postbox, Postbox Express, Thunderbird).
    • Moved the Certificate Manager menu item around so that it is aesthetically pleasing.
    • Added a lot of guard code to handle the case where strStream in GetStackTrace.cpp is not initialized.
    • Added supportedOS manifest element for Application Compatibility for Windows 8 in (unreleased) Penango Setup project.
    • Cleaned up Penango Setup project source code.
    • Worked on creating and improving messenger-overlay.xul, for reduced functionality (a subset of functionality) in Mozilla Messaging applications (Thunderbird, etc.).
    • Refactored named entity insertions for localized text in messenger-overlay.xul.
    • Added and separated the base API functionality to messenger-overlay.xul.
    • Added additional licensed sites.

    2013-01-10 Penango 2.2.2 for Firefox, Internet Explorer, and Maxthon 2

    • Improved compatibility with Firefox 18's nsIX509CertDB interface.
    • Added additional licensed sites.

    2012-11-16 Penango 2.2.0 for Firefox, Internet Explorer, and Maxthon 2

    • Removed Penango.debug namespace and folded in the functionality elsewhere.
    • Improved various implementation aspects of the FilePicker.
    • Improved URLRetriever so that it works consistently on IE 6-9 and Firefox 3-18 to download HTTP stuff.
    • Created URLRetriever.get, a simplified implementation utility for HTTP GET requests to dereference URL data. URLRetriever.get also handles retries.
    • Removed Penango.getHTTP.
    • Deleted the implementations of XMLEscapeArtist.cpp, JSBridge.cpp, and jsdump/jsdump2 (JSDumpImpl) in penangoFloggingUtils.cpp.
    • Instrumented the PAG with jsdump2.
    • Instrumented the LDAP subsystem with jsdump2.
    • Added penangoICom and penangoCom implementation, which is designed to simplify Firefox version management (interface changes between C++ and JS XPCOM).
    • Added dn and cred support in LDAP URLs and in LDAP binding! Now, LDAP URLs for searching can contain distinguished names (usernames) and passwords, such as: <ldaps://cn=jesse:passme@ldap.foo.com/c=US>. Additionally, defaultConfigs (preconfigured domains) can include credentials for logging in to LDAP.
    • Added code to handle equality checking for LDAP Service Records (LSRs) when dn or cred are present.
    • Improved use of Penango.getPref in ldapcerts.js.
    • Made significant improvements to Penango Harness Tests.
    • Fixed harness tests output on IE.
    • Added new harness scripts for testing DOM properties (e.g., IE9 click and objects positioning on the page) and certs (e.g., for validation testing).
    • Made more incremental improvements to fix the doubling bug and the not-detected bug in Gmail.
    • Improved the LDAP consolidation (consolidateLDAPQueries).
    • Removed long-commented out code, especially with regard to jsdumps.
    • Determined that the hook procedure for IE LDAP was asserting at a couple of points. Fixed the assertion problems.
    • Fixed IE9 click issue.
    • Improved LDAP callback abstraction by processing platform-specific array in resultCallback into platform-neutral JS array.
    • Deprecated abortCb in IE LDAP.
    • Changed Certs to FindCerts opcode for jsdump2.
    • Fixed composer in Zimbra - exposed properties for JS objects need to be explicitly exported in order to be accessible from the page contents.
    • Improved penangoMoz build signing process.
    • Made function calls for event logging in Windows Vista+ dynamic, so that they do not cause runtime linkage errors on Windows XP (for Penango for IE).
    • Added additional licensed sites.

    2012-10-24 Penango 2.1.1 for Firefox and Internet Explorer

    • Fixed the doubling bug, wherein Penango would, in rare instances, activate twice in the Gmail compose view.
    • Added additional licensed sites.

    2012-10-02 Penango 2.1.0 for Firefox, Internet Explorer, and Maxthon 2

    • Completed flogging implementation in Firefox for 2.1 release, specifically for jsdump2 API and capturing unhandled exception details,which are logged to the PRLog under the module "penango".
    • Fixed missing display name in the From: line when sending Penango-enabled messages in Gmail.
    • Fixed a reply issue: when an encrypted message was replied to, and the plain editor is in use, quoting from the original message was not working in Gmail.
    • Added LDAP configs for northcom.mil and sage.northcom.mil, which are mapped to DoD 411 (GDS).
    • Removed a variety of superfluous and chatty jsdump debugging statements in RFC2822.
    • Added new parties to the First-Party UI (pag-known.js).
    • Integrated new jsdump2 API into DNS, SMTP, and Gmail/OAuth subsystems.
    • Added <sig> parsing in temporary Penango Flogging Dump Event API, so that function names (signatures) can be emitted.
    • Resolved ambiguous implicit conversions to PR_LogPrint function, which can sometimes result in undefined behavior.
    • Addressed compatibility issues in the latest builds of Gmail, specifically version gmail_fe_120916.00_p3, build 34122612 and greater. The underlying issue is that Gmail moved from blitting content from an iframe, to blitting to a <div> element on the top-level page during transitions in Gmail. (Additionally, it appears that Gmail wipes the entire DOM of the top-level code during startup at least once, possibly multiple times.) Multiple scenarios have been tested, and the appears stable at this time.
    • Added new code to check for whether a message being composed is plain (isPlain) or is HTML (!isPlain, related to plainTextAreaElement element).
    • Added a brief utility function to ascertain if any ancestor of a node or element up to a certain point is considered hidden (specifically: display:none) or visible (specifically: display: != none).
    • Rewrote jsdump logging code in JavaScript for Firefox, for greater stability across different Firefox versions.
    • Serialized errors, stack traces, and other details when recording log events.
    • Recorded more logging details.
    • Rewrote DNS subsystem logging facility.
    • Rewrote Gmail/OAuth subsystem logging facility.
    • Rewrote SMTP subsystem logging facility.
    • Added time recording and reporting in Firefox.
    • Moved certain code usage from log() to jsdump2().
    • Fixed a longstanding code problem where NS_ERROR_DOM_SECURITY_ERR was improperly checked for (logic error), in light of the multiple physical values of that symbol.
    • Added more stability checks to the code in Gmail.
    • Improved the data model for logging jsdump events.
    • Overhauled parts of the logging code in IE and Firefox.
    • Added jsdump serializations for JSON and Error objects.
    • Added jsdump serializations for primitive JavaScript types.
    • Corrected logic errors when escaping certain data to XML blobs.
    • Recorded more logging detail.
    • Added support for Firefox 16!
    • Added more stability checks to the code in Gmail.
    • **EASY** Penango preferences link! The Gmail user dropdown at the top right now has an overlay indicating that Penango is running; if the user clicks on it, the Options/Preferences page appears.
    • Improved overall Gmail handling by checking for certain corner cases.
    • Major improvements to "flogger", the new logging system in Firefox and IE. "flogger" now handles JS objects, including Error objects (in IE), and has more stable and isolated code for Firefox.
    • Devised new methods to extract information about arbitrary JScript and JavaScript data types between JS and C++ on the various supported platforms, including instanceof relationships.
    • Handled esoteric JScript function name corner cases, such as SyntaxError, URIError, etc. where function.toString() returnsnon-JavaScript.
    • Implemented powerset algorithm (stUtil.powerset).
    • Improved preference-getting code in the presence of multiple vars (variables), so that preference retrieval behaves predictably by creating the powerset of the vars set.
    • Removed unused functions (stUtil.getPropNum and stUtil.getProps).
    • Added serialization of VT_USERDEFINED types in IE when an error HRESULT is thrown from the C++ to the JavaScript code. "??UNKNOWN??" should appear far less often, being replaced by "IRegValue" or whatever interface is actually used.
    • Changed the format of the unhandled exception (Penango Script Error) dialog in IE, so that it is more informative and yet also more concise (because it no longer emits properties that are typically not present in the first place).
    • Added experimental "filepicker.js" platform-neutral abstraction for picking files.
    • Added additional licensed sites.

    2012-08-29 Penango 2.0.5 (for Firefox; 2.0.4.1 for Internet Explorer)

    • Addressed startup crashing in Firefox 15.0 on Mac OS X due to [unwarranted] changes to nsIXULAppInfo.
    • Added more stability checks to the code.
    • Addressed attachment issues in Gmail.
    • Added additional licensed sites.

    2012-08-15 Penango 2.0.4

    • Added support for Firefox 15!
    • Addressed issue where "mozjs" library (libmozjs) does not exist in Mac OS X or Linux, causing crashes in the flogger.
    • Improved compatibility with Firefox 11.0 (recognized minor changes to nsIScriptError interface between versions).
    • Implemented new logging system, "flogger", in Firefox and IE to record detailed logging messages to the underlying platform's event logging facilities. This technology is still in progress, but the basic building blocks have been implemented.
    • In Internet Explorer, sent logging messages to the source "Penango for Internet Explorer" with ReportEvent (ReportEventW) (in this release, logging only coccurs when the environment variable PENANGO_LOG_JSDUMP is set to 1).
    • In Firefox, sent logging messages to the module "penango" with PR_LogPrint (PR_LOG).
    • Corrected missing body problem in Gmail.
    • Addressed a problem where encryption status was not getting set properly in smimeviewer.js.
    • Abstracted out Mozilla handling of recipientInfos into a common function, internalSetAndReportRecipientInfoMoz.
    • Wrote functions to get the stack trace in IE and output this information to XML fragments.
    • Recomputed the location of script in JScript in IE, where sometimes the JScript engine reports locations that are off by one character.
    • Wrote a preliminary resource file for Event Log messages for Event Viewer consumption in Windows, called penango-eventmsg.dll. penango-eventmsg is not distributed with Penango 2.0.4,but is available from Penango, Inc. separately under various support agreements. Contact Penango if penango-eventmsg is needed for your implementation.
    • Escaped XML attributes and character data appropriately.
    • Added additional licensed sites.

    2012-07-15 Penango 2.0.2

    • Improved internal building and signing processes for IE.
    • Edited options stylesheet and xul in order to squeeze the vertical appearance as much as possible in Firefox options.
    • Fixed Gmail compose view anomalies.
    • Improved init value when unbinding from LDAP in IE.
    • Added additional licensed sites.

    2012-06-18 Penango 2.0.0

    • Added support for Firefox 14!
    • Added support for Firefox 13!
    • Added support for Firefox 12!
    • Corrected glitches regarding discarding draft messages after they are sent successfully, in IE9, for both new messages (in the compose view) and reply/forward messages (in the conversation view).
    • Checked for CRYPT_E_NO_REVOCATION_CHECK in the new certificate validation code in IE.
    • Improved the build methodology in IE.
    • Improved the build methodology for the Penango for Firefox pieces by using a custom MSBuild project file in Windows..
    • Corrected a problem regarding not checking for repeated e.target.parentNode.* elements.
    • Wrote binary functions for "base" encoding and decoding (namely base32).
    • Allocated custom error ranges for HRESULT and nsresult for Penango components, namely for the facilities/modules PENANGO_BASIC, PENANGO_DECODER, PENANGO_LICENSING, and LDAP..
    • Translated the "you" word in the PAG into English, Spanish, Japanese, German, Dutch, French, Italian, Catalan, Chinese (Simplified and Traditional), Galician, Danish, Portuguese, Russian, Ukranian, and Polish.
    • Improved robustness of the PAG regarding additional recipients.
    • Removed obsolete code paths that were written to support Firefox 2.
    • Fully translated GmailAutoCertificate, GmailUnknownCertAddresses, and GmailOAuthPleaseWait.
    • Corrected missing doc variable initialization in infobar code.
    • Added new, relevant debug information about connection statuses during LDAP lookup and proxy traversal.
    • Added additional licensed sites.